I have a few questions regarding LDAP:
- Have any of you had issues with it?
- Does it allow users' passwords to be changed on Madsonic and synced back to the LDAP directory?
- Is there any other way to enable global authentication like this, or is LDAP the only method available?

I set up a small OpenLDAP server to test.
I created all the groups mentioned in the wiki help and am using the cn=admin user for binding for now.

Every time an LDAP user accesses the web app, it will clone the "default" user and create a user named "user[LDAP]" according to the log, and you will find it in the list of users. However, it doesn't give it any permissions no matter what LDAP groups you added the user to. It just seems to not check the LDAP groups at any level. It doesn't matter if you remove the user from the LDAP groups at all. The user will still be able to log in.

That's the first diff to my config. I'm using an M$ Active Directory and so I followed the instructions of Madsonic Helpsites concerning LDAP.

There are two ways you can add users from LDAP Auth...

1) Using the LDAP connection in Admin -> LDAP Settings: when an LDAP user logs in for the first time, an account will be created with low/no rights!
The admin should edit the user's settings first.
Therefore a tag "Automatically create LDAP Users in madsonic..." is needed.

Better (maybe) is variant no. 2...

2) Adding users to the group [LDAP] manually and editing all needed settings directly.
When a fully added user logs in to Madsonic for the first time, his account is authenticated by LDAP.
When adding users manually, leave the fields password / retype password "free"!!
You have control over allowed / disallowed LDAP users!

1) Create a new "groupOfNames" with cn = "madsonic.admin" in my groups that are found in cn=Users
-> very important: use classObject groupOfNames and not "group" or "groupOfUniqueNames" !!!

2) I set the member = myName of the Member with "cn=MyName,cn=Users,dc=example,dc=com"

3) I set the role group mapping in the LDAP settings of Madsonic

Solution = NOT WORKING!

OK, I checked my domain controller and the new cn=madsonic.admin again.
Under Windows AD you are able to use the ADSI Editor, which gave me e.g. the values for "member".
I edited them by using the ADSI Editor and searching for the users by name.
What happened was ... the ADSI Editor set my membership as <SID=000012345678899 .......>

After saving those settings I logged in again on my test VM running madsonic 6.3.9700 !!

Solution = WORKING!!

My newly added user "MyName" + LDAP password logged in for the first time and acts as "admin".

I noticed that the groupOfNames class contains the attribute "members", which is used in the template that was posted in the documentation. So it uses that attribute to check the members.

I tried groupOfUniqueNames, as I am using LDAP Admin to manage the configuration, and it doesn't contain that attribute, but contains "uniqueName" instead, which you can use and set in the Madsonic LDAP Group Filter.

However, now in the log (set to debug mode) it will retrieve the admin role for the user, but the user has nothing.
I will try to add the groups via commands using the groupOfNames class instead and see what happens.